July 22, 2013
Edward Snowden’s disclosures regarding National Security Agency (NSA) surveillance operations identify partnerships between that agency and many of the world’s leading communication and information technology companies. The revelations regarding NSA collaborations with Microsoft are, however, some of the most troubling. They appear to illustrate an expansive and extremely threatening interpretation of American national security laws.
Snowden alleges that Microsoft collaborated extensively with the NSA to facilitate the agency’s interception of both metadata and communications content generated by users of a wide range of Microsoft products and services. He claims that the company cooperated with the NSA enabling the agency to conduct surveillance on electronic mail and chat communications using the “Outlook.com” service, voice and video communications through Skype (which is owned by Microsoft), and data stored on Microsoft’s “SkyDrive” cloud computing system.
Snowden claims that Microsoft did more than merely acquiesce in NSA monitoring of use of its products and services. According to Snowden, Microsoft made technical modifications to its systems to facilitate NSA surveillance.
For example, Snowden contends that Microsoft helped the NSA to circumvent encryption capabilities that the company had incorporated into its e-mail, chat, and cloud computing services. Additionally, Snowden claims that Microsoft modified its Skype communications system to facilitate NSA monitoring.
If the Snowden allegations are accurate, the key question is whether or not Microsoft’s cooperation was voluntary or compelled by law. Microsoft continues to assert that it discloses customer data only in response to legal requirements. If Microsoft is complying with this stated policy, we must assume that its cooperation with the NSA was compelled through some legal mechanism.
The most likely source of any such legal orders compelling cooperation with the NSA appears to be the Foreign Intelligence Surveillance Court (FISC). The actions of the FISC are generally not publicly disclosed. Accordingly, the public would have no way to know if Microsoft’s cooperation with the NSA is based on a FISC order. Additionally, because parties to FISC actions are prohibited from disclosing those actions, we would have no way to know if Microsoft contested any such order.
This level of collaboration between commercial companies and the NSA is inappropriate and appears to exceed the authority granted to U.S. intelligence organizations under existing legislation such as the Patriot Act. If Microsoft and other companies are engaging in this cooperation voluntarily, then they are exercising extremely poor business judgment and are arguably acting in violation of the law. If they are acting under compulsion as a result of FISC orders, then it is time to modify the system of judicial oversight of national security matters.
If the judicial oversight system permits federal intelligence authorities to issue secret orders requiring commercial communications and information technology companies to modify their equipment, products, and services in order to facilitate government spying on individuals, then the system has become a serious threat to the civil liberties of the American people. Additionally, if FISC is compelling American companies to undermine their own privacy and security measures, it is placing those companies at a competitive disadvantage, particularly in international markets, and it is forcing those companies to violate their obligations to their customers.